From: Tomohiro Kusumi <kusumi.tomohiro@gmail.com>
Date: Fri, 29 Jul 2016 15:05:59 +0000 (+0900)
Subject: Null terminate before (or after) strncpy(3)
X-Git-Tag: fio-2.14~71
X-Git-Url: https://git.kernel.dk/?p=fio.git;a=commitdiff_plain;h=087d0ed0d9b5b763e3bd50ad225b3b25897904bb;ds=sidebyside

Null terminate before (or after) strncpy(3)

These three strncpy() calls copy at most sizeof(buffer)-1 bytes,
but buffer isn't explicitly 0 cleared, so 0 terminate the last byte.

Signed-off-by: Tomohiro Kusumi <kusumi.tomohiro@gmail.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
---

diff --git a/diskutil.c b/diskutil.c
index 294d2d3d..a1077d40 100644
--- a/diskutil.c
+++ b/diskutil.c
@@ -179,6 +179,7 @@ static int get_device_numbers(char *file_name, int *maj, int *min)
 		/*
 		 * must be a file, open "." in that path
 		 */
+		tempname[PATH_MAX - 1] = '\0';
 		strncpy(tempname, file_name, PATH_MAX - 1);
 		p = dirname(tempname);
 		if (stat(p, &st)) {
@@ -426,6 +427,7 @@ static struct disk_util *__init_per_file_disk_util(struct thread_data *td,
 			log_err("unknown sysfs layout\n");
 			return NULL;
 		}
+		tmp[PATH_MAX - 1] = '\0';
 		strncpy(tmp, p, PATH_MAX - 1);
 		sprintf(path, "%s", tmp);
 	}
diff --git a/ioengines.c b/ioengines.c
index 918b50ad..f7b5ed6b 100644
--- a/ioengines.c
+++ b/ioengines.c
@@ -130,6 +130,7 @@ struct ioengine_ops *load_ioengine(struct thread_data *td, const char *name)
 
 	dprint(FD_IO, "load ioengine %s\n", name);
 
+	engine[sizeof(engine) - 1] = '\0';
 	strncpy(engine, name, sizeof(engine) - 1);
 
 	/*